On Sunday, 27 November 2016 01:54:37 CET Alessandro Ghedini wrote:
> Hello,
>
> not sure if this has been discussed before (apologies if it has).
>
> QUIC mandates that certificate chains be gzip compressed in order to reduce
> the amount of bytes transmitted during full handshake.
>
> The QUIC crypto document says:
>
>   Any remaining certificates are gzip compressed with a pre-shared
>   dictionary that consists of the certificates specified by either of the
>   first two methods, and a block of common strings from certificates taken
>   from the Alexa top 5000.
>
> https://docs.google.com/document/d/1g5nIXAIkN_Y-7XJW5K45IblHd_L2f5LTaDUDwvZ5L6g/edit#heading=h.fgd4sj5avil0
>
> Has anyone thought about including something like that in TLS 1.3?
>
> Given that certificates usually take up most of the bytes exchanged during a
> full handshake it seems this could be useful, but I don't know if in
> practice the benefits are worth the added complexity. Thoughts?

Decompressing completely untrusted and unverified data directly in the security library? No, I don't think we need more complex code in TLS implementations.

--
Regards,
Hubert Kario
Senior Quality Engineer, QE BaseOS Security team
Web: www.cz.redhat.com
Red Hat Czech s.r.o., Purkyňova 99/71, 612 45, Brno, Czech Republic
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
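
An added illustration, not part of either message and not code from QUIC or any TLS library: deflate with a pre-shared dictionary as the quoted QUIC text describes, next to a receiver that bounds what it will inflate from an unauthenticated peer. It assumes zlib's preset-dictionary feature (Python's `zdict`); the dictionary, the sample chain bytes and the 16 KiB cap are constructed placeholders.

```python
import zlib

# Constructed stand-in for the pre-shared dictionary (not the real QUIC one).
SHARED_DICT = (b"http://ocsp.example-ca.test/" b"http://crl.example-ca.test/ca.crl"
               b"Example Trust Services CA" b"Domain Validated" b"www." b"US")
MAX_CHAIN_BYTES = 16 * 1024  # hypothetical cap on the decompressed chain

# Constructed sample "chain": certificate-like strings, not real DER.
SAMPLE_CHAIN = (b"CN=www.shop.example.test, O=Example Trust Services CA, C=US, "
                b"OCSP=http://ocsp.example-ca.test/, "
                b"CRL=http://crl.example-ca.test/ca.crl")


def compress_chain(chain, zdict=SHARED_DICT):
    """Sender: deflate the chain against the pre-shared dictionary."""
    c = zlib.compressobj(level=9, zdict=zdict)
    return c.compress(chain) + c.flush()


def decompress_chain(blob, zdict=SHARED_DICT, limit=MAX_CHAIN_BYTES):
    """Receiver: inflate peer-supplied bytes, never buffering more than limit + 1."""
    d = zlib.decompressobj(zdict=zdict)
    try:
        # max_length stops inflation early; limit + 1 lets us detect overflow.
        out = d.decompress(blob, limit + 1)
    except zlib.error as exc:  # corrupt stream or dictionary mismatch
        raise ValueError(f"bad compressed chain: {exc}") from None
    if len(out) > limit:
        raise ValueError("decompressed chain exceeds limit")
    if not d.eof:
        raise ValueError("truncated stream")
    if d.unused_data:
        raise ValueError("trailing bytes after stream")
    return out


def rejected(blob, **kw):
    """True if the receiver refuses the input."""
    try:
        decompress_chain(blob, **kw)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    packed = compress_chain(SAMPLE_CHAIN)
    print(len(SAMPLE_CHAIN), len(zlib.compress(SAMPLE_CHAIN, 9)), len(packed))
    print(rejected(compress_chain(b"\0" * (4 << 20))))  # small input, 4 MiB output
```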